Security
You're probably exposed to rootkit risk, because vendors wanted their logos to show during boot processes -- everything's broken, howl into the abyss, why's this security advisory on a domain like https://9443417.fs1.hubspotusercontent-na1.net anyway?
"We are forced to ‘trust’ the Internet – open inbound ports on our firewalls – and then our app server, web server or API server does the final authorization inside our DMZ..."
Hackers gained access to an employee account and pivoted to staging environment, but did not move laterally, company says.
"When we see a vulnerability or intrusion campaign that could have been reasonably avoided if the software manufacturer had aligned to secure by design principles, we’ll call it out"
ownCloud claims 200,000 installations, 600 enterprise customers, and 200 million users with customers including the European Commission.
Hey criminals! Fire an HTTP GET request. Grab system memory including session cookies issued post-authentication. Don't worry about logs. Pillage and loot. Thanks, Citrix.
Incident comes weeks after the Application Performance Monitoring firm was taken private in a $6.5 billion buyout
"Industry has gotten good at identifying vulnerabilities in the supply chain; SBOMs and so on [but not at] at insidious backdoors and logic issues that are built into software, and update mechanisms that could cause implants..."
"Loaded by default on just about every version of Windows, so it provides a broad attack surface"